Penetration Testing Security Audits and Assessments

http://www.netdefense.co.uk
info@netdefense.co.uk

Introduction to Penetration Testing

A Penetration Test is a method of evaluating the security of a computer system or network by simulating an attack by a hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Black box vs. White box

Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge of the implementation details of the system being tested that is available to the testers. Black box testing assumes no prior knowledge of the infrastructure to be tested, and the testers must first determine the location and extent of the systems before commencing their analysis. At the other end of the spectrum, white box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code and IP addressing information. There are also several variations in between, often known as gray box tests. Penetration tests may also be described as full disclosure, partial disclosure or blind tests, based on the amount of information provided to the testing party.

The 6 steps of a penetration test

1. Enumeration
Gathering as many passive facts about the target system as possible. Common enumeration techniques include web searches (Google, johnny.ihackstuff.com), newsgroups, NIC queries, Whois, DNS queries and SMTP probing.
Goal: Learn about the target

2. IP Scanning
The next step is to scan the target system. Methods include ICMP scanning and probing, TCP and UDP port scanning, and third-party TCP scanning. Common scan tools are NMAP, SING, hping2, lsrscan and fragroute.
Goal: Identify open services on the target

3. Assessing discovered services
Evaluate the versions of the Web, FTP, Database, Mail, VPN, Telnet, SSH, DNS, SNMP, LDAP, X-Windows etc. services running on the various platforms (such as Microsoft or Unix) through manual and automated fingerprinting.
Goal: Find out which versions of the services are in place

4. Find or write exploits
Once fingerprinting has been completed, consult the following websites to check whether exploits are available for the versions discovered: securityfocus.com, cve.mitre.org, xforce.iss.net, packetstormsecurity.org, kb.cert.org/vuls.
Goal: Find the "key" to enter the system

5. Exploit the target system
Use the exploits discovered and run them against the target in order to gain access to the target network. Erase traces on the target network that would indicate your presence.
Goal: Unauthorized access to the target system

6. Document the vulnerabilities and recommend how to close the holes
Document which exploits worked on which services and present this to the owner of the target network. Consult the websites of the services you have found to be vulnerable and advise upgrading to the latest versions.
Goal: Close the security holes down
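The defender's side of steps 1 and 2, as an added example that is not part of the original page: it parses constructed firewall log lines (the line format, the 203.0.113.x/192.0.2.x/198.51.100.x addresses and the thresholds are all assumptions) and flags a source that ICMP-sweeps many hosts or touches many TCP/UDP ports within a short window, which is the footprint the ICMP probing and port scanning described above leave behind.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "TIME ACTION PROTO SRC -> DST" format.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 DROP ICMP 203.0.113.5 -> 192.0.2.10
2024-05-01T10:00:00 DROP ICMP 203.0.113.5 -> 192.0.2.11
2024-05-01T10:00:01 DROP ICMP 203.0.113.5 -> 192.0.2.12
2024-05-01T10:00:01 DROP ICMP 203.0.113.5 -> 192.0.2.13
2024-05-01T10:00:05 DROP TCP 203.0.113.5:40001 -> 192.0.2.10:21
2024-05-01T10:00:05 DROP TCP 203.0.113.5:40002 -> 192.0.2.10:22
2024-05-01T10:00:06 DROP TCP 203.0.113.5:40003 -> 192.0.2.10:23
2024-05-01T10:00:06 DROP TCP 203.0.113.5:40004 -> 192.0.2.10:25
2024-05-01T10:00:07 DROP TCP 203.0.113.5:40005 -> 192.0.2.10:443
2024-05-01T10:00:07 DROP UDP 203.0.113.5:40006 -> 192.0.2.10:161
2024-05-01T10:00:09 ACCEPT TCP 198.51.100.7:51000 -> 192.0.2.10:443
2024-05-01T10:01:30 ACCEPT TCP 198.51.100.7:51001 -> 192.0.2.10:80
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
                     r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

def parse(log_text):
    """Yield (timestamp, proto, src, dst, dport) for every well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["proto"], m["src"],
                   m["dst"], m["dport"])

def detect_recon(log_text, window=timedelta(seconds=60),
                 port_threshold=5, host_threshold=3):
    """Return {src: sorted findings}. Within any sliding `window` a source gets
    'port_scan' for more than `port_threshold` distinct (host, port) TCP/UDP
    targets and 'icmp_sweep' for more than `host_threshold` ICMP-probed hosts."""
    by_src = defaultdict(list)
    for ts, proto, src, dst, dport in parse(log_text):
        by_src[src].append((ts, proto, dst, dport))
    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        for i, (t0, _, _, _) in enumerate(events):
            recent = [e for e in events[i:] if e[0] - t0 <= window]
            targets = {(d, p) for _, pr, d, p in recent if pr in ("TCP", "UDP")}
            hosts = {d for _, pr, d, _ in recent if pr == "ICMP"}
            if len(targets) > port_threshold:
                findings[src].add("port_scan")
            if len(hosts) > host_threshold:
                findings[src].add("icmp_sweep")
    return {src: sorted(f) for src, f in findings.items()}
```

The benign client 198.51.100.7 touches only two ports and is not reported; thresholds should be tuned against a baseline of normal traffic before alerting on them.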